Security News > 2020 > July > ICS-Targeting Snake Ransomware Isolates Infected Systems Before Encryption
Recent samples of the Snake ransomware were observed isolating the infected systems to ensure that nothing interferes with the file encryption process, security researchers warn.
Initially detailed in January this year, Snake has emerged as a prevalent threat to industrial control systems, due to the targeting of processes specific to these environments.
One of the main characteristics of Snake is the killing of processes from a predefined list, including ICS-related processes, to encrypt resources associated with them in an effort to further entice victims into paying the ransom to restore affected systems.
As part of more recent attacks, the ransomware has taken the malicious activity one step further, through attempting to isolate the compromised systems before starting the file encryption process.
If successful at infecting a domain controller, Snake "Can affect security authentication requests within the network domain, thereby severely impacting networked users," Fortinet points out.